What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

Please also note the links to related KB articles at the bottom of some of those, thanks and good luck.

CUSTOMERS: This only applies to to the Windows-based software - there are no published procedures yet for MAC or for Mobile applications. Although it could be adapted for MAC I believe.

This outlines what to do when something is detected as being malware by your McAfee software. This applies whether it is detected as regular malware or given the generic title 'Artemis' (given to "unknowns").

Files can be quarantined as regular malware or if they are currently unknown to the database, they will be labelled "Artemis", which I will deal with first.

It works by adding an extra layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labelling something as a possible threat.

If something is identified, maybe wrongly as "Artemis" then send an email to virus_research@mcafee.com with the Artemis detection name and the words "False Artemis!++++++++++++" as the subject line (minus the "", ++++++++++++ is the 12-digit code given to it). Also post in the Artemis forum with the Artemis number as the header and put an explanation in the body of the post. That gives you a double chance at getting it dealt with quickly.

However, if you still want to submit the file......the following is for Consumers only but could give Enterprise people pointers (Sorry not familiar with Enterprise).

You should go to the Restore tab in Security Center and make sure that it is forwarded to the Threat Center (Avert Laboratories) as, if it is harmless, it will then be excluded from the database automatically.

Lately this procedure is often blocked by ISP's because of the protocol the software utilizes, so do the following:

To send it to the Threat Center outside of SecurityCenter.....

First disable your virus protection and then reinstate the file from quarantine.

Email file (encrypted - see below) to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example FALSE: In-house file being detected by McAfee

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected (encrypted) using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees. Failure to follow these guidelines will cause your submission to be rejected or ignored.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

**If they respond that it is an infection and you are sure it is not, reply to that email immediately ( to virus_research@mcafee.com ) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.